Cyber security is a cornerstone of economic growth for digitally enabled nations. Given the accelerated rate of digital transformation over recent years, cyber and digital are now interdependent – with both inextricably linked to economic prosperity and growth.
International partnerships at both government and industry level are a key means of pursuing these agendas. But these partnerships don’t happen by themselves. They require someone to represent the UK internationally and advocate for the cyber industry at a government-to-government level to help sell our cyber capabilities overseas.
This is exactly what Juliette Wilcox CMG has been doing for the last two and a half years as the UK’s Cyber Security Ambassador for the Department for Business and Trade (DBT) – being the third incumbent and first female to hold the role. It’s a critical position that has seen her travel around the world meeting with leading cyber experts and government representatives. With her tenure coming to an end, we sat down to discuss her experiences in the role.
Raising the UK’s profile through trusted relationships
Juliette’s primary responsibility as Cyber Security Ambassador has been to act on behalf of UK industry overseas, speaking directly to international government partners in private dialogues and at public events such as conferences and trade shows.
She explains: “My main task is to be that representative for the cyber industry when it comes to dealing with international partners who are adding to their capabilities and want to understand what the UK experience and offer is. They can’t just knock on the door of industry, and they wouldn’t either because you need to generate a level of trust.”
This type of foreign relations involves a lot of formal diplomatic meetings – situations that Juliette was already familiar with thanks to previous roles – supported by more informal conversations all in pursuit of building that aforementioned trust. There was also the task of building credibility by highlighting the foundational technical expertise we have across the UK. For example, our National Cyber Security Centre (NCSC) has been held up as the gold standard, providing a blueprint that others around the world can learn from as part of their own national cyber strategies.
“International partners can’t just knock on the door of industry, and they wouldn’t either because you need to generate a level of trust.”Juliette Wilcox CMG, former UK Cyber Ambassador
Sharing lessons from the UK and showcasing the great work and expertise of the UK’s cyber sector has required Juliette to leverage her unique experience and skills to interpret the role and how it should be approached. As she says, “there was a lot of scope for me to think about how to do the job differently.”
For example, Juliette has been keen to highlight the role of the SME ecosystem. “Primes are clearly the main deliverers of some of these large scale cyber security capabilities, but they must be supported by smaller SMEs that can often provide niche innovation. These SMEs can work well together with primes, but often don’t get a look in because they don’t know where to start. So it’s about considering how those SMEs can grow through export.”
This is a challenge we at BAE Systems Digital Intelligence have recognised through our international cyber capacity building programmes. This work has shown that government must work with the whole of industry to maximise the UK’s impact overseas. Primes have a key role to play in building ecosystems of SMEs to provide access to enhance technical capability as part of a ‘whole of nation’ approach. The opportunity is there and Juliette’s job has been to build trust in the UK’s competence, capability and integrity with this opportunity in mind.
Rising to the challenge
It was pretty early on in the role when Juliette realised that her stakeholders see cyber through different lenses and that she would need to “connect the dots” for many of them – i.e. help them understand the relevance of cyber to international trade, why she was pursuing something and how it could benefit UK plc.
“I remember talking to Whitehall colleagues when I first got into the role and many of them hadn’t even heard of it. They would look at me rather quizzically, so one of the first buzz phrases I used was the Tina Turner-inspired ‘what’s trade got to do with it?’ to try and get them to think about how exports could fit into their set of policies or objectives. Trying to connect those dots was one thing I found myself having to do a lot of.”
The role also came with some inherent challenges, one being how to translate domestic models and messages for international audiences. Juliette spent a lot of time watching what industry was doing in the UK and identifying effective models, but converting that into something that looks attractive from overseas and therefore leads to exports is no mean feat.
“You may have a fantastic product, but if you can’t explain it succinctly in a language that’s understood by an international buyer, then why would they listen to you?”Juliette Wilcox CMG, former UK Cyber Ambassador
And there is always a messaging challenge. Juliette’s time as Cyber Ambassador has shown her the importance of embracing local language when engaging with international stakeholders. Any organisation that wants to engage internationally must recognise this challenge and learn how to present themselves in the local language. After all, “you may have a fantastic product, but if you can’t explain it succinctly in a language that’s understood by an international buyer, then why would they listen to you?”
Juliette supported and contributed to this task by honing and translating industry messages so that they are understood overseas, which is key to turning engagement opportunities into something real – i.e. sales or investment into UK companies.
The key question she sought to answer: “How do you create that pathway that takes success in the UK and delivers it, or at least makes it clear for people overseas to either buy into or encourage in their own country?” To achieve this, Juliette took a somewhat unconventional option by turning to the classic British children’s song ‘There’s a hole in my bucket’. She linked this to the economic impact of cyber threats, using the message that money is being drained out of economies around the world due to the amount of cybercrime that siphons money out of the system.
“I spoke to the economic argument. People tend to think of cyber security as something that’s just costly, so I tried to convince them that cyber should be seen as an investment that can underpin their economy and provide future stability. My message was that, as countries around the world face difficult financial decisions, cyber is something you can and should be investing in.”
Recognising threats
The leaky bucket analogy alludes to the range of threats nations are facing today and Juliette’s interaction with industry has given her a keen insight into the scale of the current and future cyber security challenge facing the UK.
In her mind, the dynamic threat landscape means seeing cyber as a foundational investment and instilling secure by design principles are unavoidable. Cyber can’t be seen as a “nice to have bolt-on”, but a key pillar of society – requiring government and industry to work together in pursuit of national cyber resilience.
“As well as the skills and tools, we need incentives from government that encourage organisations to invest in cyber. This could include working with the insurance sector or introducing contractual requirements for secure by design products. But at the same time we need industry to support this; people to help train, measure and monitor. Getting the basics right will be critical.”
“As well as the skills and tools, we need incentives from government that encourage organisations to invest in cyber.”Juliette Wilcox CMG, former UK Cyber Ambassador
This drive to promote secure by design principles points to an interesting (and necessary) dualism of the role. As well as looking outwards to promote UK industry abroad, there was a need to understand and influence UK cyber itself, illustrating how the domestic and international missions are often intertwined. The UK continues to address its own cyber resilience through a range of initiatives including ACD 2.0, Cyber Essentials and the new Cyber Security and Resilience Bill, and the importance of those evolutions are worth sharing with international partners.
Ensuring long-term resilience will also require us as an ecosystem to be continuously looking ahead. What will further empower hostile actors and make cyber even more important? Juliette highlights AI and quantum technologies as two answers here, both of which offer opportunities for cyber-criminals to enhance their capabilities while lowering the bar for bad actors.
One solution Juliette puts forward is to strengthen the “power triangle” of government, industry and academia. As she explains, the real examples of power that she’s seen have been when “local government extends a welcome to industry and works with local academic centres of excellence. Enabling researchers to have access to industry thinking and vice versa creates a powerful ecosystem that can really make a difference.”
Reflecting on successes
The start of any new role offers an opportunity to pause and look back on what has come before it. So, as she prepares for a new chapter of her career in the private sector, how does Juliette reflect on her time as Cyber Ambassador?
She acknowledges the value she could provide as one cog in a much bigger machine: “I was always thinking about what I can do to help turn the dial and generate momentum for the UK. One voice isn’t going to change the thinking of a country, but I had the opportunity to stand up and say something valuable.”
Despite the pressures it comes with, it’s clear that the experience has been a positive one. “It’s been a great job,” Juliette says. “It’s not without its challenges. It does require energy and a willingness to set the agenda, and you have to learn how to focus on the right things, but it’s definitely a role worth doing.”
“There are so many skills required in the cyber security world that you need to draw on the whole of society to feed that.”Juliette Wilcox CMG, former UK Cyber Ambassador
It’s certainly been a successful posting, given the consistency of overseas engagement she’s built up. More foreign governments and partners now have a vested interest in the UK’s cyber expertise across multiple areas, and Juliette is proud to be leaving behind an international network of people who have enhanced their cyber security knowledge and are now more often taking the reins on local projects.
She’s also been able to drive progress in specific key areas such as cyber security in defence, and promote women in cyber – something she feels particularly strongly about. In her words: “There are so many skills required in the cyber security world that you need to draw on the whole of society to feed that. If a large chunk of society is put off due to the image of the industry or negative perceptions about the culture, then you’re missing a massive amount of the UK’s talent.”
As a female in the cyber field, I certainly recognise this disconnect between the supply and demand for cybersecurity skills as a continuing challenge both at home and overseas, and have appreciated Juliette in her senior position publicly advocating for more women in the industry. Of course, this is just one part of her multifaceted role. Personally, I’ve greatly enjoyed working with Juliette over the years and have seen the value she has brought to the UK cyber industry. We wish her the best in her new role and look forward to welcoming the new Cyber Ambassador.